Configuring command rules

Assign one or more command rules to a user as follows:

  1. Run the aaa authorization group command.

  2. Specify the group parameter.

  3. Specify the match-command parameter. You can specify one or more rules.

  4. Specify the access: permit or deny.

In the following example, the network-admin role is given access to the router ospf and ip address commands.

Permit rule

# aaa authorization group "network-admin" 1 match-command "command:router ospf;ip address" permit log

In the following example, the network-admin role is denied access to the configure router ospf enable command.

Deny rule

# aaa authorization group "network-admin" 1 match-command "command:configure router ospf enable" deny log
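
The following sketch is an added example, not part of the original page or the vendor's tooling. It parses rule lines of the form shown above and flags typographic quotes, a missing log keyword, and a number reused within one group. It assumes the number after the group name is a sequence number and that log is optional; the page states neither.

```python
import re

# Rule form assumed from the two example lines on this page only:
#   aaa authorization group "<group>" <n> match-command "command:<cmd>[;<cmd>...]" permit|deny [log]
RULE_RE = re.compile(
    r'^\s*(?:#\s*)?aaa authorization group "(?P<group>[^"]+)" (?P<seq>\d+) '
    r'match-command "command:(?P<cmds>[^"]+)" (?P<access>permit|deny)(?P<log> log)?\s*$'
)
CURLY = str.maketrans({"\u201c": '"', "\u201d": '"'})

def parse_rule(line):
    """Return (rule, findings) for one line; rule is None if the line does not parse."""
    fixed = line.translate(CURLY)
    findings = ["typographic quotes replaced with ASCII quotes"] if fixed != line else []
    m = RULE_RE.match(fixed)
    if not m:
        return None, findings + ["line does not match the rule form shown on the page"]
    rule = {
        "group": m["group"],
        "seq": int(m["seq"]),  # assumption: treated as a sequence number
        "commands": [c.strip() for c in m["cmds"].split(";") if c.strip()],
        "access": m["access"],
        "log": m["log"] is not None,
    }
    if not rule["log"]:
        findings.append("rule has no log keyword")
    return rule, findings

def audit(lines):
    """Parse every line; also flag a number reused within the same group for review."""
    rules, report, seen = [], [], {}
    for n, line in enumerate(lines, 1):
        rule, findings = parse_rule(line)
        if rule:
            key = (rule["group"], rule["seq"])
            if key in seen:
                findings.append(f"sequence {rule['seq']} already used on line {seen[key]}")
            seen.setdefault(key, n)
            rules.append(rule)
        report.extend((n, f) for f in findings)
    return rules, report

# Constructed sample: the page's two rule forms, the first pasted with typographic quotes
SAMPLE = [
    '# aaa authorization group \u201cnetwork-admin\u201d 1 match-command '
    '\u201ccommand:router ospf;ip address\u201d permit log',
    '# aaa authorization group "network-admin" 1 match-command '
    '"command:configure router ospf enable" deny log',
]

if __name__ == "__main__":
    print(audit(SAMPLE)[1])
```

A reused number is reported only as something to review; the page does not say how the device resolves it.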